isAdmin implemented.
This commit is contained in:
38
index.js
38
index.js
@ -18,6 +18,9 @@ export const securityEnhancer = (log, loga, argv, baseHandler) => {
|
||||
// Initialize token manager
|
||||
const tokenManager = new TokenManager(argv.status)
|
||||
|
||||
// Get admin configuration from argv (same way other security plugins do)
|
||||
const admin = argv.admin
|
||||
|
||||
// Helper function to get current user from enhanced authentication
|
||||
const getCurrentUser = (req) => {
|
||||
return enhancer.getUser(req, () => baseHandler.getUser(req))
|
||||
@ -38,6 +41,23 @@ export const securityEnhancer = (log, loga, argv, baseHandler) => {
|
||||
return false
|
||||
}
|
||||
|
||||
// Enhanced admin check that includes token-based admin
|
||||
enhancer.isAdmin = (req, baseIsAdmin) => {
|
||||
// First check if base authentication already grants admin
|
||||
if (baseIsAdmin()) {
|
||||
return true
|
||||
}
|
||||
|
||||
// Check if token belongs to admin user
|
||||
if (req.tokenAuth && req.tokenAuth.user && admin !== undefined) {
|
||||
// Compare token user with configured admin
|
||||
// Use JSON.stringify for deep comparison like we do elsewhere
|
||||
return JSON.stringify(req.tokenAuth.user) === JSON.stringify(admin)
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// Enhanced user identification that includes token users
|
||||
enhancer.getUser = (req, baseGetUser) => {
|
||||
// If we have token auth, return the token user
|
||||
@ -118,13 +138,27 @@ export const securityEnhancer = (log, loga, argv, baseHandler) => {
|
||||
app.post('/plugin/useraccesstokens/create', authenticated, async (req, res) => {
|
||||
try {
|
||||
const user = getCurrentUser(req)
|
||||
const { name, expiresInDays } = req.body
|
||||
const { name, expiresInDays, scopes } = req.body
|
||||
|
||||
if (!name || typeof name !== 'string' || name.trim() === '') {
|
||||
return res.status(400).json({ error: 'Token name is required' })
|
||||
}
|
||||
|
||||
const result = await tokenManager.createToken(user, name.trim(), expiresInDays)
|
||||
// Validate scopes if provided
|
||||
if (scopes && !Array.isArray(scopes)) {
|
||||
return res.status(400).json({ error: 'Scopes must be an array' })
|
||||
}
|
||||
|
||||
// Filter valid scopes - admin scope is not needed since admin is based on user
|
||||
const validScopes = ['site:read', 'site:write']
|
||||
const requestedScopes = scopes || ['site:read', 'site:write']
|
||||
const filteredScopes = requestedScopes.filter(scope => validScopes.includes(scope))
|
||||
|
||||
if (requestedScopes.length > 0 && filteredScopes.length === 0) {
|
||||
return res.status(400).json({ error: 'No valid scopes provided' })
|
||||
}
|
||||
|
||||
const result = await tokenManager.createToken(user, name.trim(), expiresInDays, filteredScopes)
|
||||
|
||||
res.json({
|
||||
token: result.token,
|
||||
|
||||
Reference in New Issue
Block a user